A senior scientist at Google has warned European regulators that sweeping new data sharing requirements could expose users’ private information, as the bloc intensifies enforcement of competition rules on major tech platforms.

The warning centres on the Digital Markets Act, which is designed to curb the market power of dominant digital companies by forcing them to open up key data to rivals.

Under draft measures from the European Commission, Google would be required to share detailed search data, including rankings, queries, clicks and views, with competitors such as OpenAI.

According to Google researcher Sergei Vassilvitskii internal “red team” testing showed anonymised datasets could be reversed in less than two hours, allowing individual users to be identified.

The findings raise questions about whether current de-identification techniques are robust enough when applied at scale.

The Commission is now considering whether rivals should receive access to Google’s search data at the same frequency the company uses it internally, rather than through delayed or aggregated releases.

Google argued that near real-time access would significantly increase the risk of re-identification, particularly given the sensitive nature of search histories, which can reveal health concerns, financial stress and other personal matters.

The dispute forms part of a broader investigation into Alphabet Inc., opened in March 2024, with regulators assessing whether the company is complying with its obligations under the DMA.

A final decision on the scope of data sharing rules is expected by July 27, with potential penalties of up to 10 per cent of global annual revenue for non-compliance.

Meanwhile, the regulatory push is intersecting with a fast-moving race to build more advanced artificial intelligence systems, where access to high-quality data is emerging as a critical advantage.

While the DMA presses Google to share elements of its search data with competitors, companies are increasingly turning to alternative, more private data sources that may sit outside the reach of current rules.

Meta Platforms, the parent of Facebook and Instagram, has launched an internal initiative that records employee activity across selected workplace applications and websites.

The program captures mouse movements, clicks, keystrokes and screenshots, which are then used to train AI systems capable of performing computer-based tasks.

Meta describes the effort, known as the “Model Capability Initiative”, as a program without an opt-out for employees, effectively creating a proprietary dataset that could give the company an advantage in training future AI models.

The development highlights a potential unintended consequence of the EU’s approach. If regulators mandate broader sharing of public-facing data such as search logs, companies may shift their focus toward internal or enterprise data that is more difficult for authorities to access or regulate.

Such datasets, often generated within closed workplace environments, could prove more valuable for training next-generation AI systems while remaining largely beyond the scope of current competition frameworks.

The tension underscores a growing policy challenge for regulators: balancing the push for market competition and data access with the need to protect user privacy, while also keeping pace with how and where valuable data is being created in the AI era.